Issue No.04 - July-Aug. (2011 vol.9)
John Diamant , Hewlett-Packard
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.88
The software industry would be better off with more emphasis on early-lifecycle security—avoiding security mistakes in the first place. That means security requirements analysis and architecting or designing security in, an approach that's rare but that provides substantial benefits.
software development, HP Comprehensive Applications Threat Analysis, W. Edwards Deming, security vulnerabilities, dynamic application security testing, static application security testing, security requirements gap analysis, architectural threat analysis, security quality, zero day, 0-day, security and privacy
John Diamant, "Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities", IEEE Security & Privacy, vol.9, no. 4, pp. 80-84, July-Aug. 2011, doi:10.1109/MSP.2011.88